Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
151 fines found
Total: $190.9M
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2019-07-30 | Unknown | €80K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | Two companies working in finances didn’t follow the procedure when disposing of ...Two companies working in finances didn’t follow the procedure when disposing of personal data. Articles: Art. 32 GDPR |
| 2019-04-04 | Company in the financial sector | €80K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 GDPR, Art. 32 GDPR |
| 2019-07-30 | Unknown | €80K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2019-07-30 | Unknown | €80K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | In a digital publication, health data was accidentally published due to inadequa...In a digital publication, health data was accidentally published due to inadequate internal control mechanisms.Due to inadequate internal control mechanisms, health data was made public by a digital publication. Articles: Art. 32 GDPR |
| 2019-10-17 | Unknown | €80K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2019-07-30 | Unknown | €80K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2020-01-01 | Company | €65K | GDPR | Data Protection Authority of Niedersachsen | Germany | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2019-01-01 | Meta Platforms | €51K | GDPR | Data Protection Authority of Hamburg | Germany | Failure to appoint a data protection officer | The German branch of Facebook was fined by €51,000 because it failed to appoint ...The German branch of Facebook was fined by €51,000 because it failed to appoint a data protection officer. Facebook argued that it did in fact appoint a data protection officer in Ireland who acted as a data protection officer for all the local European Facebook branches. The Data Protection Authority of Hamburg, however, argued that Facebook did not notify the German authority about this appointment, and as such, the fine is valid. The reason the fine was relatively small was that Facebook did, after all, appoint a DPO but failed to notify German authorities. The fine was given to Facebook Germany GmbH, which is the local German branch of the company.The fine was issued sometimes in 2019 but was only made public by the Data Protection Authority of Hamburg in February 2020. The exact date of the fine was not revealed. Articles: Art. 37 GDPR |
| 2019-01-01 | Meta Platforms | €51K | GDPR | Data Protection Authority of Hamburg | Germany | Failure to appoint a data protection officer | --Articles: Art. 37 GDPR |
| 2019-03-01 | N26 | €50K | GDPR | Data Protection Authority of Berlin | Germany | Non-compliance with lawful basis for data processing | A bank had retained the personal data of former customers in order to create a b...A bank had retained the personal data of former customers in order to create a blacklist. Apparently, they wanted to prevent those customers from opening up new accounts at their bank because they were suspected of money laundering. While the bank wanted to hand-wave away this unlawful act by appealing to the German Banking Act, the Berlin Supervisory Authority found this to be illegal. Articles: Art. 6 GDPR |
| 2019-03-01 | N26 | €50K | GDPR | Data Protection Authority of Berlin | Germany | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| -- | Unknown | €50K | GDPR | Data Protection Authority of Brandenburg | Germany | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 15 GDPR, Art. 28 GDPR |
| 2022-09-21 | Property development company | €50K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR, Art. 14 GDPR |
| 2019-01-01 | https://datenschutz-hamburg.de/assets/pdf/28._Taetigkeitsbericht_Datenschutz_2019_HmbBfDI.pdf | €20K | GDPR | Data Protection Authority of Hamburg | Germany | Failure to implement sufficient measures to ensure information security | HVV GmbH had not reported a data breach to the data protection authority in due ...HVV GmbH had not reported a data breach to the data protection authority in due time. This data breach was related to the security gap in the Customer E-Service, in that that clients with an HVV card who logged in the CES could access the data of other customers by changing the URL to match their data profile. Articles: Art. 33 GDPR, Art. 34 GDPR |
| 2019-01-01 | https://datenschutz-hamburg.de/assets/pdf/28._Taetigkeitsbericht_Datenschutz_2019_HmbBfDI.pdf | €20K | GDPR | Data Protection Authority of Hamburg | Germany | Failure to implement sufficient measures to ensure information security | --Articles: Art. 33 GDPR, Art. 34 GDPR |
| 2018-11-21 | Knuddels.de | €20K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | A hack revealed the personal data that included email addresses and passwords of...A hack revealed the personal data that included email addresses and passwords of around 330,000 users. Articles: Art. 32 GDPR |
| 2018-12-01 | Unknown | €20K | GDPR | Data Protection Authority of Hamburg | Germany | Information obligation non-compliance | --Articles: Art. 83 (4) a) GDPR, Art. 33 (1) GDPR, Art. 34 (1) GDPR |
| 2018-11-21 | Knuddels.de | €20K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2018-12-01 | Unknown | €20K | GDPR | Data Protection Authority of Hamburg | Germany | Information obligation non-compliance | A data breach was not notified in time and the affected subjects were not made a...A data breach was not notified in time and the affected subjects were not made aware. Articles: Art. 83 (4) a) GDPR, Art. 33 (1) GDPR, Art. 34 (1) GDPR |
| 2022-01-01 | Company | €20K | GDPR | The DPA of Bremen | Germany | Unknown | --Articles: Unknown |
| 2022-01-01 | Covid-19 Test Center | €16K | GDPR | Data Protection Authority of Hessen | Germany | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR, Art. 33 (1), (5) GDPR |
| 2021-01-01 | Energy supplier | €13K | GDPR | Data Protection Authority of Hambunrg | Germany | Unknown | --Articles: Unknown |
| 2021-01-01 | Energy Supplier | €13K | GDPR | Data Protection Authority of Saxony | Germany | Unknown | --Articles: Unknown |
| 2021-01-01 | Car trading group | €10K | GDPR | Data Protection Authority of Hamburg | Germany | Unknown | --Articles: Unknown |
| 2019-12-09 | Rapidata GmbH | €10K | GDPR | The Federal Commissioner for Data Protection and Freedom of Information (BfDI) | Germany | No data protection officer appointed | The Federal Commissioner for Data Protection and Freedom of Information (BfDI) h...The Federal Commissioner for Data Protection and Freedom of Information (BfDI) ha repeatedly requested the company to appoint a data protection officer in accordance with Article 37 GDPR but even so, Rapidata GmbH refused to do so. The company was fined with €10,000. Articles: Art. 37 GDPR |